kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #172615
[Bug 1566221] Re: linux: Enforce signed module loading when UEFI secure boot
This bug was fixed in the package linux - 4.4.0-21.37
---------------
linux (4.4.0-21.37) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1571791
* linux: MokSBState is ignored (LP: #1571691)
- SAUCE: (noup) MODSIGN: Import certificates from UEFI Secure Boot
- SAUCE: (noup) efi: Disable secure boot if shim is in insecure mode
- SAUCE: (noup) Display MOKSBState when disabled
linux (4.4.0-20.36) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1571069
* sysfs mount failure during stateful lxd snapshots (LP: #1570906)
- SAUCE: kernfs: Do not match superblock in another user namespace when
mounting
* Kernel Panic in Ubuntu 16.04 netboot installer (LP: #1570441)
- x86/topology: Fix logical package mapping
- x86/topology: Fix Intel HT disable
- x86/topology: Use total_cpus not nr_cpu_ids for logical packages
- xen/apic: Provide Xen-specific version of cpu_present_to_apicid APIC op
- x86/topology: Fix AMD core count
* [regression]: Failed to call clock_adjtime(): Invalid argument
(LP: #1566465)
- ntp: Fix ADJ_SETOFFSET being used w/ ADJ_NANO
linux (4.4.0-19.35) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1570348
* CVE-2016-2847 (LP: #1554260)
- pipe: limit the per-user amount of pages allocated in pipes
* xenial kernel crash on HP BL460c G7 (qla24xx problem?) (LP: #1554003)
- SAUCE: (noup) qla2xxx: Add irq affinity notification V2
* arm64: guest hangs when ntpd is running (LP: #1549494)
- SAUCE: (noup) KVM: arm/arm64: Handle forward time correction gracefully
* linux: Enforce signed module loading when UEFI secure boot (LP: #1566221)
- [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
* s390/cpumf: Fix lpp detection (LP: #1555344)
- s390/facilities: use stfl mnemonic instead of insn magic
- s390/facilities: always use lowcore's stfle field for storing facility bits
- s390/cpumf: Fix lpp detection
* s390x kernel image needs weightwatchers (LP: #1536245)
- [Config] s390x: Use compressed kernel bzImage
* Surelock GA2 SP1: surelock02p05: Not seeing sgX devices for LUNs after
upgrading to Ubuntu 16.04 (LP: #1567581)
- Revert "UBUNTU: SAUCE: (noup) powerpc/pci: Assign fixed PHB number based on
device-tree properties"
* Backport upstream bugfixes to ubuntu-16.04 (LP: #1555765)
- cpufreq: powernv: Define per_cpu chip pointer to optimize hot-path
- Revert "cpufreq: postfix policy directory with the first CPU in related_cpus"
- cpufreq: powernv: Add sysfs attributes to show throttle stats
* systemd-modules-load.service: Failing due to missing module 'ib_iser' (LP: #1566468)
- [Config] Add ib_iser to generic inclusion list
* thunderx nic performance improvements (LP: #1567093)
- net: thunderx: Set recevie buffer page usage count in bulk
- net: thunderx: Adjust nicvf structure to reduce cache misses
* fixes for thunderx nic in multiqueue mode (LP: #1567091)
- net: thunderx: Fix for multiqset not configured upon interface toggle
- net: thunderx: Fix for HW TSO not enabled for secondary qsets
- net: thunderx: Fix receive packet stats
* Miscellaneous Ubuntu changes
- [Config] updateconfigs after CONFIG_DRM_I915_BPO_PRELIMINARY_HW_SUPPORT=n
* Miscellaneous upstream changes (LP: #1564901)
- Input: xpad - correctly handle concurrent LED and FF requests
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Mon, 18 Apr 2016 07:00:22
-0600
** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2847
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1566221
Title:
linux: Enforce signed module loading when UEFI secure boot
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
Add code to implement secure boot checks. Unsigned or incorrectly
signed modules will continue to install while tainting the kernel
_until_ EFI_SECURE_BOOT_SIG_ENFORCE is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1566221/+subscriptions
References